Web Security

Question 1

Security by Obscurity

Answer 1

DUMB AF

“Nobody knows the URLs of our API, so it’s safe”- some dumbass

Question 2

What to use instead of HTTP

Answer 2

HTTPS! uses secure TLS connection (encrypted)

Harder to access the requests/responses

Not impossible though

Question 3

Authentication vs Authorisation

Answer 3

Authentication: Confirming the identity of someone

Authorisation: Verifying that you are permitted to do what you want to do

Question 4

How ot Authenticate/Authorize

Answer 4

HTTP Basic Authentication
Session IDs
Tokens
OAuth (2.0) Authorisation
Signed Requests

Question 5

HTTP Basic Authentication

Answer 5

User and password authentication sent via HTTP headers… clear text.

User and password sent in each request
-Possible to steal

After first login use session IDs or tokens

Question 6

Session IDs

Answer 6

After user is authenticated. set a cookie to provide the server with information about the client, server remembers rights, data, transactions etc)

Stateful (conflicts with REST)

Can be guessed/stolen

Question 7

Tokens

Answer 7

Data that is used instead of credentials (user/pw)
-credentials not sent back and forth all the time

Bearer token: anyone who “bears” it has access

Question 8

OAuth 2.0

Answer 8

Login with some other account… google or fb

Question 9

Request Signing

Answer 9

Create secure hash of the entire request

send request and hash to the server

server creates hash using your secret(only you and the server know it) and compares to your hash

vulnerable to Replay attack
-fix with including date in the request

Secret is often sent with other mediums…email sms etc.

Question 10

Vulnerability

Answer 10

weakness of an asset or group of assets which can be exploited by a threat

Question 11

Threat

Answer 11

capabilities, intentions and attack methods of adversaries or any circumstance or event that has the potential to cause harm to info or system… or cause these to harm others

Question 12

Exploit

Answer 12

defined way to breach the security of an information system through vulnerability

Question 13

OWASP top 10

Answer 13

1. Injection
2. Broken Authentication
3. Sensitive Data Exposure
4. XML External Entities
5. Broken Access Control
6. Security Misconfiguration
7. Cross-Site Scripting
8. Insecure Deserialisation
9. Using Components with known vulnerabilities
10. Insufficient logging and monitoring

Question 14

Injection

Answer 14

When untrusted data is sent to an interpreter as part of a command or query. Tricking the interpreter to execute unintended commands or accessing data without proper authorization

Question 15

Broken Authentication

Answer 15

Username/pw re-use
Weak passwords
Re-use of session IDs no proper invalidation of session IDs

Question 16

Sensitive Data Exposure

Answer 16

Cleartext transfer
Data stored in cleartext on database
weak algorithms

Question 17

Broken access control

Answer 17

Security by obscurity

Modifying URLs and parameters/request body to maybe get access

Question 18

Security misconfiguration

Answer 18

Unnecessary features enabled

standard accounts/pw still existing

returning full stack traces to user

Question 19

Cross site scripting

Answer 19

User input directly displayed withoud escaping/sanitasing

Question 20

Using components with known vulerabilities

Answer 20

Ill update later
Nested dependencies
irregular scans for vulnerabilities

Question 21

Insufficient logging and monitoring

Answer 21

No logging

Not enough loggin

Only local loggin

Maby you wont even know about the attack!